Jenkins · Jenkins Active Choices Plugin · CVE-2021-21699
**Name of the Vulnerable Software and Affected Versions**
Jenkins Active Choices Plugin versions 2.5.6 and earlier
**Description**
The plugin does not escape the parameter name of reactive parameters and dynamic reference parameters. This results in a stored cross-site scripting (XSS) vulnerability that is exploitable by attackers with Job/Configure permission.
**Recommendations**
If you are running version 2.5.6 or earlier, update to version 2.5.7 or later, which escapes references to parameter names.
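
To audit an instance while rolling out the update, the following added example (not code from Jenkins or the plugin) checks a plugin version against the fixed release and lists reactive and dynamic reference parameter names in a job `config.xml` that would need escaping. The XML element names, the name allowlist and the sample configuration are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed config.xml element names for the plugin's reactive and
# dynamic reference parameter types (not stated in the advisory).
AC_TAGS = {
    "org.biouno.unochoice.CascadeChoiceParameter",
    "org.biouno.unochoice.DynamicReferenceParameter",
}
FIXED = (2, 5, 7)  # first fixed version per the advisory
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")  # conservative allowlist (assumption)

def is_affected(version: str) -> bool:
    """True when the plugin version is 2.5.6 or earlier."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return nums + (0,) * (3 - len(nums)) < FIXED

def suspicious_names(config_xml: str) -> list[str]:
    """Return parameter names that contain characters outside the allowlist."""
    root = ET.fromstring(config_xml)
    hits = []
    for elem in root.iter():
        if elem.tag in AC_TAGS:
            name = elem.findtext("name") or ""
            if not SAFE_NAME.fullmatch(name):
                hits.append(name)
    return hits

# Constructed sample job configuration, not taken from a real instance.
SAMPLE = """<project><properties>
 <hudson.model.ParametersDefinitionProperty><parameterDefinitions>
  <org.biouno.unochoice.CascadeChoiceParameter>
   <name>REGION</name>
  </org.biouno.unochoice.CascadeChoiceParameter>
  <org.biouno.unochoice.DynamicReferenceParameter>
   <name>INFO&lt;b&gt;x&lt;/b&gt;</name>
  </org.biouno.unochoice.DynamicReferenceParameter>
 </parameterDefinitions></hudson.model.ParametersDefinitionProperty>
</properties></project>"""

if __name__ == "__main__":
    print("affected:", is_affected("2.5.6"))
    print("names to review:", suspicious_names(SAMPLE))
```

A flagged name is not proof of compromise; it marks a job whose configuration history is worth reviewing for who set that parameter name.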